Check out our smart contract audit readiness checklist! Make sure you are properly prepared for the audit. This will not only save time, but also improve code clarity and reduce audit costs.
What is a smart contract audit?
A smart contract audit is a security checklist-based review conducted by experienced professionals to ensure that the smart contract is secure, efficient, and functions as intended.
The audit process includes testing the contract's behavior in different scenarios and looking for potential vulnerabilities or bugs. The goal is to identify any problems with the contract and provide recommendations for fixing them, helping to ensure the contract is reliable and can be trusted by users.
By conducting a smart contract audit, organizations can improve the security and trustworthiness of their smart contracts, ensuring that they operate as intended and are not vulnerable to attack.
Why is it worth preparing for an audit?
Audit is always best-effort, a balance between the cost on the client's side and the best possible performance of our work. We need to estimate how long it will take us to thoroughly understand the project and verify the potential threats.
The more readable and structured your code, the easier to understand and the better our estimate can be.
Another very helpful source of information is documentation. It is really worth updating the white paper and preparing high-level design diagrams that describe the flow of information going through your protocol.
This can really cut costs on your side. Especially when we don't have to spend a lot of time figuring out how something is supposed to work and describing basic security issues that you can easily prevent yourself.
Besides, the smart contract code is like your business card. By paying attention to details, you will gain much more trust from users.
Smart contract audit readiness checklist
Go through this checklist, and you will definitely improve the quality and security of your code.
| Composable Security - quick audit readiness checklist | |||
|---|---|---|---|
| ID | TASK | RESPONSIBLE PERSON | STATUS |
| 1. Code Clarity | |||
| 1.1 | I have deleted unused code snippets and old comments. | ||
| 1.2 | I have added 1-2 sentences describing the purpose of each of the smart contracts at the top. | ||
| 1.3 | I have described each variable. | ||
| 1.4 | I followed a code style that was consistent throughout the codebase. | ||
| 1.5 | I made sure that the variables were named in a way that corresponds to their purpose and that they are easy to understand. | ||
| 2. Documentation | |||
| 2.1 | I described the roles in the project and what they should have access to. | ||
| 2.2 | I have described the main user's business flow in detail. | ||
| 2.3 | I have created high-level diagrams of the protocol. | ||
| 2.4 | I have updated the white paper. | ||
| 2.5 | I briefly described the plans for the potential expansion of the project. | ||
| 3. Materials for auditors | |||
| 3.1 | I created a separate GitHub branch for auditing with files from defined scope (and froze the code). | ||
| 3.2 | I provided reports from previous audits. | ||
| 3.3 | I sent the auditors the documentation of our project (e.g. white paper, architecture diagram, flow diagrams). | ||
| 4. Automated tools | |||
| 4.1 | I ran the slither with default settings and handled the reported bugs. | ||
| 4.2 | I launched solidity-coverage to confirm excellent coverage. | ||
| 5. Final checks | |||
| 5.1 | I compiled the code and ran tests from the audit branch in a fresh environment. | ||
Congratulations
If you have gone through the checklist, you are ready for the audit.
You did a great job, now it's our turn - Contact us to request an audit.
About the author
Co-author of SCSVS and White Hat. Professionally dealing with security since 2017 and since 2019 contributing to the crypto space. Big DeFi fan and smart contract security researcher.
